Per-connection info
Carter Bullard
carter at qosient.com
Mon Nov 26 07:10:17 EST 2007
David,
Get the newer argus clients from ftp://qosient.com/dev/argus-3.0 and use racluster() to read your original data.
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: David <lists at edeca.net>
Date: Mon, 26 Nov 2007 11:51:14
To: argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] Per-connection info
I have just started using Argus and I'd like to get per-connection/stream info out using ra.

The fields I am interested in can be provided, it seems, by the Argus data. I would like start time, duration (or end time), end-points (IP and port or IP and ICMP message-type), packet totals and byte totals.

However, I do not want 1 line per Argus record (e.g. SYN/FIN/etc). I would like 1 line per connection (for TCP flows), UDP stream or ICMP message with the total counts per stream.

What I am after is similar to tshark -z conv,tcp but with the dates (which Wireshark cannot do) and UDP/ICMP messages.

I have tried ragator but possibly I passed the wrong option, as further ra runs do not appear to do what I am after.

Other tools such as rahosts have saved me lots of time so far, thanks!

David
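The aggregation Carter points David to with racluster, sketched here as added Python that is not argus or racluster code: status records belonging to one connection are folded into a single line keyed on the canonical 5-tuple (ICMP on endpoints plus message type), with the earliest start time, latest end time and summed packet and byte counts. The sample records are constructed and follow the column order of a comma-delimited `ra -s stime ltime saddr sport daddr dport proto pkts bytes` listing; putting the ICMP type in the sport column is an assumption of this example.

```python
from datetime import datetime

FIELDS = ("stime", "ltime", "saddr", "sport", "daddr", "dport", "proto", "pkts", "bytes")
# Constructed sample records (not real argus output) in the column order of a
# comma-delimited "ra -s stime ltime saddr sport daddr dport proto pkts bytes";
# the ICMP type sitting in the sport column is an assumption of this example.
SAMPLE_RECORDS = """\
2007-11-26 11:40:01.000,2007-11-26 11:40:06.000,10.0.0.5,51234,10.0.0.9,80,tcp,3,180
2007-11-26 11:40:06.000,2007-11-26 11:40:11.000,10.0.0.5,51234,10.0.0.9,80,tcp,40,51200
2007-11-26 11:40:11.000,2007-11-26 11:40:12.500,10.0.0.9,80,10.0.0.5,51234,tcp,2,120
2007-11-26 11:40:02.000,2007-11-26 11:40:07.000,10.0.0.5,53001,10.0.0.1,53,udp,1,64
2007-11-26 11:40:07.000,2007-11-26 11:40:07.200,10.0.0.1,53,10.0.0.5,53001,udp,1,130
2007-11-26 11:40:03.000,2007-11-26 11:40:03.000,10.0.0.5,8,10.0.0.9,0,icmp,1,84
"""

def parse_records(text):
    """Turn delimited status records into dicts with typed times and counters."""
    rows = []
    for line in text.strip().splitlines():
        rec = dict(zip(FIELDS, line.split(",")))
        rec["stime"], rec["ltime"] = (datetime.strptime(rec[k], "%Y-%m-%d %H:%M:%S.%f")
                                      for k in ("stime", "ltime"))
        rec["pkts"], rec["bytes"] = int(rec["pkts"]), int(rec["bytes"])
        rows.append(rec)
    return rows

def flow_key(rec):
    """Fold both directions of a TCP/UDP conversation into one key; ICMP by type."""
    if rec["proto"] == "icmp":
        return (rec["proto"], rec["saddr"], rec["daddr"], rec["sport"])
    ends = sorted([(rec["saddr"], rec["sport"]), (rec["daddr"], rec["dport"])])
    return (rec["proto"], ends[0], ends[1])

def aggregate(records):
    """Merge records per connection: earliest start, latest end, summed totals."""
    flows = {}
    for rec in records:
        f = flows.setdefault(flow_key(rec), {"first": rec, "stime": rec["stime"],
                                             "ltime": rec["ltime"], "pkts": 0, "bytes": 0})
        f["stime"], f["ltime"] = min(f["stime"], rec["stime"]), max(f["ltime"], rec["ltime"])
        f["pkts"], f["bytes"] = f["pkts"] + rec["pkts"], f["bytes"] + rec["bytes"]
    return flows

def per_connection_lines(text):
    """One line per TCP connection, UDP stream or ICMP message, with totals."""
    lines = []
    for f in aggregate(parse_records(text)).values():
        r, dur = f["first"], (f["ltime"] - f["stime"]).total_seconds()
        lines.append(f"{f['stime']:%Y-%m-%d %H:%M:%S} {dur:7.3f} {r['saddr']}:{r['sport']} "
                     f"-> {r['daddr']}:{r['dport']} {r['proto']} {f['pkts']} {f['bytes']}")
    return lines
```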